<br><br><div class="gmail_quote">2008/7/3 Jeff Lightner <<a href="mailto:jlightner@water.com">jlightner@water.com</a>>:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="blue" lang="EN-US">
<div>
<div>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Uh…</span></font></p>
<div>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Doesn't the dd you suggest erase the
hard drive completely? </span></font></p></div></div></div></div></blockquote><div><br>Yep. Gets _RID_ of the problem. :)<br><br>Happily, I know Daniel knew I was joking (only slightly). <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="blue" lang="EN-US"><div><div><div><p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">If so didn't you leave out some
steps like needing to reload XP and the applications?</span></font></p></div></div></div></div></blockquote><div><br>WHAT?!?!? And _REINSTALL_ the original virus payload? <br><br>Serious note: As Daniel discovered the very first thing to do in any virus extraction is to turn off hibernate and system restore. Without those steps the system will just reinfect itself nearly forever. <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div link="blue" vlink="blue" lang="EN-US"><div><div><div><p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"></span></font></p>
<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;">
<a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a> [mailto:<a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a>] <b><span style="font-weight: bold;">On Behalf Of </span></b>Jim Kinney<br>
<b><span style="font-weight: bold;">Sent:</span></b> Thursday, July 03, 2008
12:59 AM<br>
<b><span style="font-weight: bold;">To:</span></b> <a href="mailto:dhhoward@comcast.net" target="_blank">dhhoward@comcast.net</a>;
<a href="mailto:ale@ale.org" target="_blank">ale@ale.org</a><br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [ale] XP Malware - XP
Security Center</span></font></p>
</div><div><div></div><div class="Wj3C7c">
<div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On Thu, Jul 3, 2008 at 12:35 AM, Daniel Howard <<a href="mailto:dhhoward@comcast.net" target="_blank">dhhoward@comcast.net</a>> wrote:</span></font></p>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">Short question: do you have a win XP malware removal tool you
recommend?</span></font></p>
<div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
dd if=/dev/zero of=/dev/hda using toms root boot disk <a href="http://www.toms.net/rb/" target="_blank">http://www.toms.net/rb/</a><br>
<br>
I have used this malware removal with 100% success for the past 10 years.
Removes ALL virii including boot sector nasties that call ntloader and
others. Run! Don't walk to <a href="http://www.toms.net/rb/" target="_blank">http://www.toms.net/rb/</a>
and download your copy today! <br>
<br>
dban is another tool that will also thoroughly cleanse the drive of virii and
spyware: <a href="http://dban.sourceforge.net/" target="_blank">http://dban.sourceforge.net/</a><br>
<br>
I was able to manually pound some of those off by killing off many running bugs
and deleting them manually. But I did finally use the BartsPE disk I carry.
Live windows CD. </span></font></p>
</div>
<blockquote style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(204, 204, 204); border-width: medium medium medium 1pt; padding: 0in 0in 0in 6pt; margin-left: 4.8pt; margin-right: 0in;">
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<br>
Long version:<br>
<br>
I've googled myself to death on this one. I've tried everything so far<br>
except purchasing a new Windows antimalware program (currently use<br>
ClamAV and Spybot SD). I've somehow picked up a malware program that<br>
puts a red circle with a white X in it in the task tray that keeps<br>
trying to get me to buy some rogue antispyware program called XP<br>
Security Center. I researched it, sure enough it's malware (rogue<br>
antispyware), found the names of the files used (winivstr.exe and<br>
braviax.exe) and couldn't delete them due to being in use, so I booted<br>
my XP install disk in recovery mode, and deleted the files from all<br>
locations found from searching (in the WINDOWS and SYSTEM32<br>
directories), and dang if they still don't get replaced on reboot.<br>
<br>
So, I probably need to purchase a better tool for removal, but there's<br>
so much crap out there that poses as malware removal that is likely yet<br>
another malware package. Is there a good malware removal package that<br>
would work on beasties like this one?<br>
<br>
Thanks, Daniel<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a></span></font></p>
</blockquote>
</div>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><br>
<br clear="all">
<br>
-- <br>
-- <br>
James P. Kinney III </span></font></p>
</div></div></div>
</div>
<div style="font-size: 9pt; font-family: Courier New;">
</div></div>
<br></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III <br>